This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/2ce8BrFiQRs3VJ_Zautm0oa7EbU.roa
File:                     2ce8BrFiQRs3VJ_Zautm0oa7EbU.roa (raw, json)
Hash identifier:          fxQEApFN+/13TxFUm2ypGOLA2qi1xg5Iu/RGfT9GZ/0=
Subject key identifier:   D9:C7:BC:06:B1:62:41:1B:37:54:9F:D9:6A:EB:66:D2:86:BB:11:B5
Certificate issuer:       /CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
Certificate serial:       019AE62A635BD9F606D6814A52431F11BC96
Authority key identifier: 55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/2ce8BrFiQRs3VJ_Zautm0oa7EbU.roa
Signing time:             Wed 03 Dec 2025 21:42:08 +0000
ROA not before:           Wed 03 Dec 2025 21:42:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20724
IP address blocks:        193.104.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 12:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:e6:2a:63:5b:d9:f6:06:d6:81:4a:52:43:1f:11:bc:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
        Validity
            Not Before: Dec  3 21:42:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9c7bc06b162411b37549fd96aeb66d286bb11b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:05:ba:24:aa:54:21:98:46:85:1a:a2:31:f1:
                    f9:02:97:07:33:ad:a2:de:81:60:0b:59:1f:90:fa:
                    cc:f7:43:87:6f:f3:86:08:45:37:38:03:e1:3d:08:
                    0e:23:ce:67:21:af:a9:1a:de:af:8f:8e:37:0b:b4:
                    b6:11:5e:01:91:b6:dd:ed:a1:b5:31:ec:b5:d9:3c:
                    59:fd:b3:bc:7d:dc:98:3f:0c:79:fa:7a:7d:89:46:
                    ec:39:69:92:7c:48:dc:ac:b8:e5:2c:13:7e:5c:90:
                    b6:62:13:2c:e5:18:2d:df:75:01:a0:ca:67:db:c9:
                    9d:2c:a7:79:3d:98:7b:33:48:bb:e5:ad:45:fb:ca:
                    5e:26:6a:55:33:a3:c2:bb:cb:be:68:2f:4e:dc:70:
                    06:cd:b1:cd:60:ca:f9:ab:c1:70:06:2e:95:34:54:
                    3c:8f:09:85:ad:f5:02:30:a9:b1:25:98:28:73:9d:
                    99:85:fa:55:2b:54:ab:51:3f:e0:2d:b3:8f:bd:51:
                    c9:47:44:93:ab:06:7a:70:bd:a5:dd:7d:c0:16:4f:
                    dc:f1:1d:44:e0:f6:95:94:99:03:df:57:20:1f:94:
                    c1:9e:8e:60:3d:6c:2a:f7:93:21:6b:b0:2e:03:87:
                    eb:21:4c:1d:85:7f:5c:c7:cc:3f:ce:63:51:a7:17:
                    40:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:C7:BC:06:B1:62:41:1B:37:54:9F:D9:6A:EB:66:D2:86:BB:11:B5
            X509v3 Authority Key Identifier:
                keyid:55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/2ce8BrFiQRs3VJ_Zautm0oa7EbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:44:1b:6d:63:2e:2e:17:fc:55:13:2a:ef:8a:17:03:b2:2e:
         23:ca:e3:44:c1:18:37:4c:a0:b0:7d:2c:88:e4:bb:9b:c5:e0:
         81:93:b5:e5:bb:28:34:55:0c:48:37:7a:36:89:d1:fb:47:98:
         4b:a1:da:71:c8:ad:17:da:8f:ba:36:ad:8c:ab:c9:4a:19:fd:
         c4:0a:f6:d5:44:ec:98:1b:82:47:71:c4:48:f0:aa:59:bd:95:
         1a:42:51:81:bb:30:5f:3a:40:42:54:d0:93:d1:af:15:c6:b6:
         52:19:1a:eb:48:0e:dd:3f:b2:58:44:a3:d7:74:d9:94:2f:18:
         e6:19:4e:64:f9:6e:2f:2e:8f:60:88:64:da:c3:24:f2:e3:81:
         56:ab:e9:68:a8:48:e1:26:af:25:d4:65:2a:54:e7:9a:41:00:
         15:a4:32:19:cf:48:40:fe:1e:83:8e:52:40:a7:13:f6:ad:f8:
         17:0c:4b:4f:52:15:f3:d6:37:31:2e:fb:60:7a:8b:d6:04:26:
         5a:d2:29:1b:e9:37:7e:eb:08:26:37:8e:01:84:61:01:b1:c4:
         78:30:bd:6d:6d:cb:aa:14:e2:9e:c5:21:32:59:51:73:89:fe:
         a6:c0:b8:12:9f:98:e9:0a:ae:7a:e0:3f:e0:2d:e3:43:22:fa:
         02:84:c3:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZrmKmNb2fYG1oFKUkMfEbyWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MjRiMmUyNmRkM2FmY2M1YzFlYWMwMWY5MDI2M2QyMDFm
YmUwOTkwHhcNMjUxMjAzMjE0MjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWM3YmMwNmIxNjI0MTFiMzc1NDlmZDk2YWViNjZkMjg2YmIxMWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswW6JKpUIZhGhRqiMfH5ApcHM62i
3oFgC1kfkPrM90OHb/OGCEU3OAPhPQgOI85nIa+pGt6vj443C7S2EV4Bkbbd7aG1
Mey12TxZ/bO8fdyYPwx5+np9iUbsOWmSfEjcrLjlLBN+XJC2YhMs5Rgt33UBoMpn
28mdLKd5PZh7M0i75a1F+8peJmpVM6PCu8u+aC9O3HAGzbHNYMr5q8FwBi6VNFQ8
jwmFrfUCMKmxJZgoc52ZhfpVK1SrUT/gLbOPvVHJR0STqwZ6cL2l3X3AFk/c8R1E
4PaVlJkD31cgH5TBno5gPWwq95Mha7AuA4frIUwdhX9cx8w/zmNRpxdABQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnHvAaxYkEbN1Sf2WrrZtKGuxG1MB8GA1UdIwQY
MBaAFFUksuJt06/MXB6sAfkCY9IB++CZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMt
M2FhMjIyN2JhZGZlLzEvMmNlOEJyRmlRUnMzVkpfWmF1dG0wb2E3RWJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMtM2FhMjIyN2JhZGZl
LzEvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWj1MA0G
CSqGSIb3DQEBCwUAA4IBAQBWRBttYy4uF/xVEyrvihcDsi4jyuNEwRg3TKCwfSyI
5LubxeCBk7Xluyg0VQxIN3o2idH7R5hLodpxyK0X2o+6Nq2Mq8lKGf3ECvbVROyY
G4JHccRI8KpZvZUaQlGBuzBfOkBCVNCT0a8VxrZSGRrrSA7dP7JYRKPXdNmULxjm
GU5k+W4vLo9giGTawyTy44FWq+loqEjhJq8l1GUqVOeaQQAVpDIZz0hA/h6DjlJA
pxP2rfgXDEtPUhXz1jcxLvtgeovWBCZa0ikb6Td+6wgmN44BhGEBscR4ML1tbcuq
FOKexSEyWVFzif6mwLgSn5jpCq564D/gLeNDIvoChMPU
-----END CERTIFICATE-----